package org.gluu.casa.plugins.accounts.service;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.net.URI;
import java.net.URL;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.gluu.casa.core.model.CustomScript;
import org.gluu.casa.misc.Utils;
import org.gluu.casa.plugins.accounts.pojo.LinkingSummary;
import org.gluu.casa.plugins.accounts.pojo.PassportScriptProperties;
import org.gluu.casa.plugins.accounts.pojo.PendingLinks;
import org.gluu.casa.plugins.accounts.pojo.Provider;
import org.gluu.casa.plugins.accounts.pojo.ProviderType;
import org.gluu.casa.service.IPersistenceService;
import org.gluu.casa.service.ISessionContext;
import org.gluu.oxauth.model.common.WebKeyStorage;
import org.gluu.oxauth.model.configuration.AppConfiguration;
import org.gluu.oxauth.model.crypto.CryptoProviderFactory;
import org.gluu.oxauth.model.jwt.Jwt;
import org.gluu.util.security.StringEncrypter;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.zkoss.util.resource.Labels;
import org.zkoss.web.servlet.http.Encodes;

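/**
 * JAX-RS resource that completes the linking of an external (Passport) identity to the
 * Casa user of the current session.
 *
 * <p>At construction time the key store file and password configured on each provider
 * type's Passport custom script are collected; they are later used to verify the signature
 * of the profile JWT that Passport posts to {@link #doLink(String, String)}.
 */
@Path("/idp-linking")
public class PassportLinkingService {

    private static final String KEY_STORE_FILE_PROP = "key_store_file";
    private static final String KEY_STORE_PASSWORD_PROP = "key_store_password";
    private static final String RESULT_PAGE = "/../../account-linking-result.zul?provider=";

    private final Logger logger = LoggerFactory.getLogger(getClass());
    private final ObjectMapper mapper = new ObjectMapper();
    // Never null: if initialization fails the map stays empty and every JWT validation
    // fails with a logged error instead of a NullPointerException in the request handler
    private final Map<ProviderType, PassportScriptProperties> passportProperties = new HashMap<>();
    private StringEncrypter stringEncrypter;

    @Context
    private UriInfo uriInfo;

    public PassportLinkingService() {
        try {
            logger.info("Creating an instance of PassportLinkingService");
            IPersistenceService persistenceService = (IPersistenceService) Utils.managedBean(IPersistenceService.class);
            stringEncrypter = Utils.stringEncrypter();
            for (ProviderType type : ProviderType.values()) {
                loadScriptProperties(persistenceService, type)
                        .ifPresent(props -> passportProperties.put(type, props));
            }
        } catch (Exception e) {
            // Best effort: the resource is still created, but linking will fail and be logged
            logger.error(e.getMessage(), e);
            logger.warn("Service for linking external identities may not work properly");
        }
    }

    /**
     * Reads the key store settings from the Passport custom script associated to a provider type.
     *
     * @param persistenceService service used to look up the custom script
     * @param type               provider type whose ACR is the script's display name
     * @return the key store properties, or empty when no such script exists
     */
    private Optional<PassportScriptProperties> loadScriptProperties(IPersistenceService persistenceService,
                                                                    ProviderType type) {
        CustomScript pattern = new CustomScript();
        pattern.setDisplayName(type.getAcr());
        pattern.setBaseDn(persistenceService.getCustomScriptsDn());
        List<CustomScript> matches = persistenceService.find(pattern);
        if (matches.isEmpty()) {
            return Optional.empty();
        }
        Map<String, ?> config = Utils.scriptConfigPropertiesAsMap(matches.get(0));
        PassportScriptProperties props = new PassportScriptProperties();
        props.setKeyStoreFile((String) config.get(KEY_STORE_FILE_PROP));
        props.setKeyStorePassword((String) config.get(KEY_STORE_PASSWORD_PROP));
        return Optional.of(props);
    }

    /**
     * Endpoint Passport redirects to when the external authentication failed.
     *
     * @param failure error description supplied by the caller; it is echoed back verbatim, so
     *                the response is pinned to {@code text/plain} to keep browsers from
     *                rendering it as markup
     * @return a 500 response whose body is the supplied description
     */
    @GET
    public Response processError(@QueryParam("failure") String failure) throws Exception {
        logger.warn("An error occurred: {}", failure);
        return Response.serverError().type("text/plain").entity(failure).build();
    }

    /**
     * Endpoint Passport posts the signed and encrypted external profile to once the user
     * authenticated at the provider. The outcome (linked uid or error message) is stored as a
     * pending link for the session user and the browser is redirected to the result page.
     *
     * @param userJwt    JWT whose {@code data} claim holds the encrypted profile; it must be
     *                   signed with the key store configured on the provider's Passport script
     * @param providerId identifier of the external provider being linked
     * @return a 303 redirect to the account-linking result page
     * @throws Exception if the redirect URI cannot be built
     */
    @POST
    @Path("{provider}")
    public Response doLink(@FormParam("user") String userJwt, @PathParam("provider") String providerId) throws Exception {
        logger.trace("doLink POST handler called");
        LinkingSummary summary = new LinkingSummary();
        String errorMessage = null;
        String userId = (String) Optional.ofNullable(((ISessionContext) Utils.managedBean(ISessionContext.class)).getLoggedUser())
                .map(user -> user.getId())
                .orElse(null);
        logger.info("Linking provider {} to user {} ...", providerId, userId);
        try {
            if (userId == null) {
                errorMessage = Labels.getLabel("sociallogin.link_result.session_lost");
                logger.warn(errorMessage);
            } else if (!PendingLinks.contains(userId, providerId)) {
                // Only providers whose linking was started from this user's session are accepted
                errorMessage = Labels.getLabel("sociallogin.link_result.unexpected_provider", new String[]{providerId});
                logger.warn(errorMessage);
            } else {
                Provider provider = AvailableProviders.get().stream()
                        .filter(candidate -> candidate.getId().equals(providerId))
                        .findFirst()
                        .orElseThrow(() -> new IllegalStateException("Provider " + providerId + " is not available"));
                Jwt jwt = validateJWT(userJwt, passportProperties.get(provider.getScriptType()));
                if (jwt == null) {
                    errorMessage = Labels.getLabel("sociallogin.link_result.validation_failed");
                    logger.error(errorMessage);
                } else {
                    logger.info("user profile JWT validated successfully");
                    logger.trace("JWT = {}", jwt);
                    logger.info("decrypting profile...");
                    String uid = extractUid(jwt);
                    if (provider.getEnrollmentManager().isAssigned(uid)) {
                        errorMessage = Labels.getLabel("sociallogin.link_result.already_taken", new String[]{uid, providerId});
                        logger.warn(errorMessage);
                    } else {
                        summary.setProvider(providerId);
                        summary.setUid(uid);
                    }
                }
            }
        } catch (Exception e) {
            // Fall back to the exception type so the summary never ends up with neither a uid nor an error
            errorMessage = e.getMessage() == null ? e.toString() : e.getMessage();
            logger.error(errorMessage, e);
        }
        if (errorMessage != null) {
            summary.setErrorMessage(errorMessage);
        }
        URI resultPage = resultPageUri(providerId);
        // NOTE(review): the summary is stored even when no user is logged in (userId == null) — confirm
        // PendingLinks tolerates a null user key
        PendingLinks.add(userId, providerId, summary);
        logger.debug("Redirecting to {}", resultPage);
        return Response.seeOther(resultPage).build();
    }

    /**
     * Builds the absolute URI of the result page: two levels above this resource's path and
     * with the {@code /rest} prefix removed. The provider id is a caller-controlled path
     * parameter, so it is URL-encoded before being placed in the query string.
     */
    private URI resultPageUri(String providerId) throws Exception {
        String target = uriInfo.getAbsolutePath().toString() + RESULT_PAGE + Encodes.encodeURIComponent(providerId);
        return new URL(target.replaceFirst("/rest", "")).toURI();
    }

    /**
     * Decrypts the {@code data} claim of a verified JWT and returns the first value of its
     * {@code uid} attribute.
     */
    private String extractUid(Jwt jwt) throws Exception {
        String encryptedProfile = jwt.getClaims().getClaimAsString("data");
        return mapper.readTree(stringEncrypter.decrypt(encryptedProfile)).get("uid").get(0).asText();
    }

    /**
     * Parses the JWT and verifies its signature against the key store configured on the
     * provider's Passport script.
     *
     * @param token            compact-serialized JWT received from Passport
     * @param scriptProperties key store file and password of the provider's script; may be null
     *                         when no script was found at startup
     * @return the parsed token when the signature verifies, {@code null} otherwise (missing or
     *         unparsable token, missing key store, or verification failure)
     */
    private Jwt validateJWT(String token, PassportScriptProperties scriptProperties) {
        if (token == null || token.trim().isEmpty()) {
            logger.warn("No JWT received");
            return null;
        }
        if (scriptProperties == null) {
            logger.error("No key store configured for the provider's Passport script; cannot verify JWT");
            return null;
        }
        try {
            Jwt jwt = Jwt.parse(token);
            AppConfiguration config = new AppConfiguration();
            config.setWebKeysStorage(WebKeyStorage.KEYSTORE);
            config.setKeyStoreFile(scriptProperties.getKeyStoreFile());
            config.setKeyStoreSecret(scriptProperties.getKeyStorePassword());
            config.setKeyRegenerationEnabled(false);
            // NOTE(review): key id and algorithm are taken from the token header itself; this relies on the
            // crypto provider rejecting unsigned/unsupported algorithms and unknown key ids — confirm.
            // Only the signature is checked here; no expiration or audience validation is performed.
            boolean verified = CryptoProviderFactory.getCryptoProvider(config).verifySignature(
                    jwt.getSigningInput(),
                    jwt.getEncodedSignature(),
                    jwt.getHeader().getKeyId(),
                    (JSONObject) null,
                    (String) null,
                    jwt.getHeader().getSignatureAlgorithm());
            return verified ? jwt : null;
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            return null;
        }
    }
}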
